Tag: linux

nftables: Modern Linux Firewalling

iptables is being phased out. nftables is faster, cleaner, and already the default on modern Linux. Here's how to actually use it without wanting to quit.

Restic vs Borg vs Kopia: Backups That Actually Deduplicate

rsync is not a backup. Restic, Borg, and Kopia do deduplication, encryption, and incremental snapshots properly. Here's which one fits your home lab and why.

Suricata vs Snort: Network Intrusion Detection That Actually Works

Snort invented network intrusion detection. Suricata multi-threaded its way past it. Here's how to set up real IDS/IPS on your home lab and actually understand what it's telling you.

Sysctl Tuning: The Linux Kernel Settings Nobody Told You About

Linux ships with conservative kernel defaults meant for general use. These sysctl settings tune your server for networking, memory, and file I/O — with explanations, not just values to paste.

Falco: Catch Container Attacks at Runtime

Falco watches every syscall your containers make and screams when something sketchy happens. Like someone exec'ing a shell inside your nginx container at 3am.

Cockpit vs Webmin: Web Admin Panels That Don't Make You Cry

Cockpit is the modern systemd-native Linux admin panel. Webmin is the veteran that configures everything. Here's which one should be on your servers — and which shouldn't.

Fail2ban vs CrowdSec: Blocking the Bots Actually Smartly

Fail2ban bans IPs that attack you. CrowdSec bans them before they attack you, using community threat intelligence. Here's how to set up both and why you might want both.

2FA for SSH and sudo via PAM

Adding TOTP to SSH and sudo takes 10 minutes and makes password spray attacks useless. Here's the setup that won't lock you out of your own server.

Systemd Timers vs Cron: Scheduling That Doesn't Suck

Cron has been scheduling your jobs since before you were born. Systemd timers do everything cron does, plus logging, dependencies, and missed-run recovery.

SSH CA: Finally Ditch authorized_keys

Managing authorized_keys across 10 servers is how you lose track of who has access to what. An SSH CA lets you sign keys and revoke access without touching every server.

Wazuh: Open Source SIEM for Your Home Lab

Wazuh gives you SIEM, HIDS, FIM, and threat detection in one stack. Here's how to deploy it in your home lab with Docker and actually use it.

ZFS vs Btrfs: Which Modern Filesystem Wins?

ZFS is the paranoid fortress of filesystems. Btrfs is the scrappy upstart built into your kernel. Here's which one belongs in your home lab.